BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
When a section's parser is registered, it can also define a post section
callback, called at the end of the section parsing. But when 2 sections with the
same name followed each other, the transition between them was missed. This
induced 2 bugs. First, the call to the post section callback was skipped. Then,
the parsing of the second section was mixed with the first one.
BUG/MEDIUM: Special-case http_proxy when dealing with outgoing connections.
http_proxy is special, because it creates its connection and conn_stream
earlier. So in assign_server(), check that the connection associated with
the conn_stream has a destination address set, and in connect_server(),
use the connection and the conn_stream already attached to the
stream_interface, instead of looking for a connection in the session, and
creating a new conn_stream.
MEDIUM: server: Be smarter about deciding to reuse the last server.
Instead of parsing all the available connections owned by the session
each time we choose a server, even if prefer-last-server is not set,
just do it if prefer-last-server is used, and check if the server is usable,
before checking the connections.
Olivier Houchard [Fri, 30 Nov 2018 16:31:52 +0000 (17:31 +0100)]
MEDIUM: session: Steal owner-less connections on end of transaction.
When a transaction ends, if we want to do keepalive, and the connection we
used didn't have an owner, attach the connection to the session, so that we
don't have to destroy it, and we can reuse it later.
Olivier Houchard [Fri, 30 Nov 2018 16:24:55 +0000 (17:24 +0100)]
MAJOR: sessions: Store multiple outgoing connections in the session.
Instead of just storing the last connection in the session, store all of
the connections, for at most MAX_SRV_LIST (currently 5) targets.
That way we can do keepalive on more than 1 outgoing connection when the
client uses HTTP/2.
Olivier Houchard [Thu, 29 Nov 2018 16:08:53 +0000 (17:08 +0100)]
MEDIUM: connections: Put H2 connections in the idle list if http-reuse always.
When creating a new outgoing H2 connection, put it in the idle list so that
it's immediately available for others to use, if http-reuse always is used.
Olivier Houchard [Fri, 30 Nov 2018 12:17:48 +0000 (13:17 +0100)]
BUG/MEDIUM: mux_pt: Don't try to send if handshake is not done.
While it is true the SSL code will do the right thing if the SSL handshake
is not done, we have other types of handshake to deal with (proxy protocol,
netscaler, ...). For those we definitively don't want to try to send data
before it's done. All handshakes but SSL will go through the mux_pt, so in
mux_pt_snd_buf, don't try to send while a handshake is pending.
Olivier Houchard [Thu, 29 Nov 2018 17:05:05 +0000 (18:05 +0100)]
BUG/MEDIUM: session: properly clean the outgoing connection before freeing.
In session_free(), make sure the outgoing connection is not in the idle list
anymore, and it does no longer have an owner, so that it will properly be
destroyed and nobody will be able to access it.
Olivier Houchard [Thu, 29 Nov 2018 17:01:46 +0000 (18:01 +0100)]
BUG/MEDIUM: streams: Don't assume we have a CS in sess_update_st_con_tcp.
We can reach sess_update_st_con_tcp() while we still have a connection
attached, so take that into account, and free the connection, instead of
assuming it's always a conn_stream.
Olivier Houchard [Thu, 29 Nov 2018 16:50:45 +0000 (17:50 +0100)]
BUG/MEDIUM: session: Remove the session from the session_list in session_free.
When freeing the session, we may fail to free the outgoing connection,
because it still has streams attached. So remove ourself from the session
list, so that the connection doesn't try to access it later.
Use #!bin/sh more portable shebang.
Support filenames with spaces.
Set HAPROXY_PROGRAM environment variable value to ${PWD}/haproxy.
exit(1) if we could not creat the higher level temporary working directory
or create its sub-directory with mktemp utility.
As defined by POSIX, use six characters for the mktemp template.
Olivier Houchard [Thu, 29 Nov 2018 16:06:17 +0000 (17:06 +0100)]
BUG/MEDIUM: h2: Call h2_process() if there's an error on the connection.
In h2_recv(), return 1 if there's an error on the connection, not just if
there's a read0 pending, so that h2_process() can be called and act as a
janitor.
Olivier Houchard [Thu, 29 Nov 2018 16:02:41 +0000 (17:02 +0100)]
BUG/MEDIUM: stream_interface: Make sure we read all the data available.
In si_cs_recv(), when there's an error on the connection or the conn_stream,
don't give up if CS_FL_RCV_MORE is set on the conn_stream, as it means there's
still data available.
Olivier Houchard [Thu, 29 Nov 2018 16:00:38 +0000 (17:00 +0100)]
BUG/MEDIUM: stream_interface: Don't check if the handshake is done.
In si_cs_send(), don't give up and subscribe if the connection is still
waiting for a SSL handshake. We will never be woken up once the handshake is
done if we're using HTTP/2. Instead, directly try to send data. When using
the mux_pt, if the handshake is not done yet, snd_buf() would return 0 and
we will subscribe anyway.
Olivier Houchard [Thu, 29 Nov 2018 15:58:49 +0000 (16:58 +0100)]
BUG/MEDIUM: connections: Don't forget to detach the connection from the SI.
When we're deferring the mux choice until the ALPN is negociated, we
attach the connection to the stream_interface until it's done, so that we
can destroy it if something goes wrong and the stream is destroy.
Before calling si_attach_cs() to attach the conn_stream once we have it,
call si_detach_endpoint(), or is_attach_cs() would destroy the connection.
Olivier Houchard [Thu, 29 Nov 2018 15:57:32 +0000 (16:57 +0100)]
BUG/MEDIUM: connections: Wake the stream once the mux is chosen.
When we defer the mux choice until the ALPN is negociated, don't forget
to wake the stream once it's done, or it will never have the opportunity
to send data.
Baptiste Assmann [Wed, 28 Nov 2018 14:20:25 +0000 (15:20 +0100)]
BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
In ssl_sock_parse_clienthello(), the code considers that SSL Sessionid
size is '1', and then considers that the SSL cipher suite is availble
right after the session id size information.
This actually works in a single case, when the client does not send a
session id.
This patch fixes this issue by introducing the a propoer way to parse
the session id and move forward the cursor by the session id length when
required.
Olivier Houchard [Thu, 29 Nov 2018 12:49:59 +0000 (13:49 +0100)]
BUG/MEDIUM: mux_pt: Don't forget to unsubscribe() on attach.
In the mux_pt, when we're attaching a new conn_stream, don't forget to
unsubscribe from the connection. Failure to do so may lead to the mux_pt
freeing the connection while the conn_stream can still want to access it.
The client makes the same HTTP request four times.
The varnishtest HTTP server serves the first client request and quits.
So, the three last requests are handled by the haproxy cache.
PiBa-NL [Tue, 27 Nov 2018 21:26:38 +0000 (22:26 +0100)]
REGTEST/MINOR: script: add run-regtests.sh script
Some tests require a minimal haproxy version or compilation options to be
able to run successfully. This script allows to add 'requirements' to tests
to check so they will automatically be skipped if a requirement is not met.
The script supports several parameters to slightly modify its behavior
including the directories to search for tests.
Also some features are not available for certain OS's these can also
be 'excluded', this should allow for the complete set of test cases to be
run on any OS against any haproxy release without 'expected failures'.
The test .vtc files will need to be modified to include their 'requirements'
by listing including text options as shown below:
#EXCLUDE_TARGETS=dos,freebsd,windows
#REQUIRE_OPTIONS=ZLIB,OPENSSL,LUA
#REQUIRE_VERSION=0.0
#REQUIRE_VERSION_BELOW=99.9,
When excluding a OS by its TARGET, please do make a comment why the test
can not succeed on that TARGET.
Olivier Houchard [Wed, 28 Nov 2018 12:26:11 +0000 (13:26 +0100)]
BUG/MEDIUM: h2: Don't bogusly error if the previous stream was closed.
In h2_process_demux(), if we're demuxing multiple frames, and the previous
frame led to a stream getting closed, don't bogusly consider that an error,
and destroy the next stream, as there are valid cases where the stream could
be closed.
BUG/MEDIUM: listeners: CLOEXEC flag is not correctly set
The CLOEXEC flag was set using a F_SETFL which can't work.
To set the CLOEXEC flag F_SETFD should be used, the problem is that it
needs a new call to fcntl() and it's on the path of every accept.
This flag was only needed in the case of the master, so the patch was
reverted and the flag set only in this case.
The bug was introduced by 0b3e849 ("MEDIUM: listeners: set O_CLOEXEC on
the accepted FDs").
If the master was reloaded and there was a established connection to a
server, the FD resulting from the accept was leaking.
There was no CLOEXEC flag set on the FD of the socketpair created during
a connect call. This is specific to the socketpair in the master process
but it should be applied to every protocol in case we use them in the
master at some point.
Lukas Tribus [Mon, 26 Nov 2018 21:57:17 +0000 (22:57 +0100)]
MINOR: ssl: free ctx when libssl doesn't support NPN
The previous fix da95fd90 ("BUILD/MINOR: ssl: fix build with non-alpn/
non-npn libssl") does fix the build in old OpenSSL release, but I
overlooked that the ctx is only freed when NPN is supported.
Fix this by moving the #endif to the proper place (this was broken in c7566001 ("MINOR: server: Add "alpn" and "npn" keywords")).
Willy Tarreau [Mon, 26 Nov 2018 16:09:46 +0000 (17:09 +0100)]
MEDIUM: memory: make the pool cache an array and not a thread_local
Having a thread_local for the pool cache is messy as we need to
initialize all elements upon startup, but we can't until the threads
are created, and once created it's too late. For this reason, the
allocation code used to check for the pool's initialization, and
it was the release code which used to detect the first call and to
initialize the cache on the fly, which is not exactly optimal.
Now that we have initcalls, let's turn this into a per-thread array.
This array is initialized very early in the boot process (STG_PREPARE)
so that pools are always safe to use. This allows to remove the tests
from the alloc/free calls.
Doing just this has removed 2.5 kB of code on all cumulated pool_alloc()
and pool_free() paths.
Willy Tarreau [Mon, 26 Nov 2018 15:31:20 +0000 (16:31 +0100)]
MEDIUM: initcall: use initcalls for a few initialization functions
signal_init(), init_log(), init_stream(), and init_task() all used to
only preset some values and lists. This needs to be done very early to
provide a reliable interface to all other users. The calls used to be
explicit in haproxy.c:init(). Now they're placed in initcalls at the
STG_PREPARE stage. The functions are not exported anymore.
Willy Tarreau [Mon, 26 Nov 2018 14:57:34 +0000 (15:57 +0100)]
MEDIUM: memory: use pool_destroy_all() to destroy all pools on deinit()
Instead of exporting a number of pools and having to manually delete
them in deinit() or to have dedicated destructors to remove them, let's
simply kill all pools on deinit().
For this a new function pool_destroy_all() was introduced. As its name
implies, it destroys and frees all pools (provided they don't have any
user anymore of course).
This allowed to remove 4 implicit destructors, 2 explicit ones, and 11
individual calls to pool_destroy(). In addition it properly removes
the mux_pt_ctx pool which was not cleared on exit (no backport needed
here since it's 1.9 only). The sig_handler pool doesn't need to be
exported anymore and became static now.
Willy Tarreau [Mon, 26 Nov 2018 10:58:30 +0000 (11:58 +0100)]
MEDIUM: init: use initcall for all fixed size pool creations
This commit replaces the explicit pool creation that are made in
constructors with a pool registration. Not only this simplifies the
pools declaration (it can be done on a single line after the head is
declared), but it also removes references to pools from within
constructors. The only remaining create_pool() calls are those
performed in init functions after the config is parsed, so there
is no more user of potentially uninitialized pool now.
It has been the opportunity to remove no less than 12 constructors
and 6 init functions.
Willy Tarreau [Mon, 26 Nov 2018 10:44:35 +0000 (11:44 +0100)]
MINOR: memory: add a callback function to create a pool
The new function create_pool_callback() takes 3 args including the
return pointer, and creates a pool with the specified name and size.
In case of allocation error, it emits an error message and returns.
The new macro REGISTER_POOL() registers a callback using this function
and will be usable to request some pools creation and guarantee that
the allocation will be checked. An even simpler approach is to use
DECLARE_POOL() and DECLARE_STATIC_POOL() which declare and register
the pool.
Willy Tarreau [Mon, 26 Nov 2018 10:21:50 +0000 (11:21 +0100)]
MINOR: initcall: use initcalls for most post_{check,deinit} and per_thread*
Most calls to hap_register_post_check(), hap_register_post_deinit(),
hap_register_per_thread_init(), hap_register_per_thread_deinit() can
be done using initcalls and will not require a constructor anymore.
Let's create a set of simplified macros for this, called respectively
REGISTER_POST_CHECK, REGISTER_POST_DEINIT, REGISTER_PER_THREAD_INIT,
and REGISTER_PER_THREAD_DEINIT.
Some files were not modified because they wouldn't benefit from this
or because they conditionally register (e.g. the pollers).
Willy Tarreau [Mon, 26 Nov 2018 09:19:54 +0000 (10:19 +0100)]
MINOR: initcall: apply initcall to all register_build_opts() calls
Most register_build_opts() calls use static strings. These ones were
replaced with a trivial REGISTER_BUILD_OPTS() statement adding the string
and its call to the STG_REGISTER section. A dedicated section could be
made for this if needed, but there are very few such calls for this to
be worth it. The calls made with computed strings however, like those
which retrieve OpenSSL's version or zlib's version, were moved to a
dedicated function to guarantee they are called late in the process.
For example, the SSL call probably requires that SSL_library_init()
has been called first.
Willy Tarreau [Sun, 25 Nov 2018 19:12:18 +0000 (20:12 +0100)]
MEDIUM: init: use self-initializing spinlocks and rwlocks
This patch replaces a number of __decl_hathread() followed by HA_SPIN_INIT
or HA_RWLOCK_INIT by the new __decl_spinlock() or __decl_rwlock() which
automatically registers the lock for initialization in during the STG_LOCK
init stage. A few static modifiers were lost in the process, but since they
were not essential at all it was not worth extending the API to provide such
a variant.
Willy Tarreau [Sun, 25 Nov 2018 18:46:08 +0000 (19:46 +0100)]
MINOR: threads: add new macros to declare self-initializing locks
Using __decl_spinlock(), __decl_rwlock(), __decl_aligned_spinlock()
and __decl_aligned_rwlock(), one can now simply declare a spinlock
or an rwlock which will automatically be initialized at boot time
by calling the ha_spin_init() or ha_rwlock_init() callback. The
"aligned" variants enforce a 64-byte alignment on the lock.
Willy Tarreau [Sun, 25 Nov 2018 18:28:23 +0000 (19:28 +0100)]
MINOR: thread: provide a set of lock initialisers
This patch adds ha_spin_init() and ha_rwlock_init() which are used as
a callback to initialise locks at boot time. They perform exactly the
same as HA_SPIN_INIT() or HA_RWLOCK_INIT() but from within a real
function.
Willy Tarreau [Sun, 25 Nov 2018 18:14:37 +0000 (19:14 +0100)]
MEDIUM: init: convert all trivial registration calls to initcalls
This switches explicit calls to various trivial registration methods for
keywords, muxes or protocols from constructors to INITCALL1 at stage
STG_REGISTER. All these calls have in common to consume a single pointer
and return void. Doing this removes 26 constructors. The following calls
were addressed :
Willy Tarreau [Sun, 25 Nov 2018 17:36:15 +0000 (18:36 +0100)]
MINOR: initcall: introduce a way to register init functions to call at boot
We currently have to deal with multiple initialization stages in a way
that can be confusing, because certain parts rely on others having been
properly initialized. Most calls consist in adding lists to existing
lists, whose heads are initialized in the declaration so this is easy.
But some calls create new pools and require pools to be properly
initialized. Pools currently are thread-local and as such cannot be
pre-initialized, requiring run-time checks.
All this could be simplified by using multiple boot stages and allowing
functions to be registered at various stages.
One approach might be to use gcc's constructor priorities, but this
requires gcc >= 4.3 which eliminates a wide spectrum of working compilers,
and some versions of certain compilers (like clang 3.0) are known for
silently ignore these priorities.
Instead we can use our own init function registration mechanism. A first
attempt was made using register_function() calls in all constructors but
this made the code more painful.
This patch's approach is different. It creates sections containing
arrays of pointers to "initcall" descriptors. An initcall contains a
pointer to a function and an argument. Each section corresponds to a
specific initialization stage. Each module creates such descriptors
for various calls it requires. The main() function starts by scanning
each of these sections in turn to process these initcalls.
This will make it possible to remove many constructors from various
modules, by simply placing initcalls for the requested functions next
to the keyword lists that need to be called.
A first attempt was made by placing the initcalls directly into the
sections instead of creating an array of pointers, but it becomes
sensitive to the array's alignment which depends on the compiler and
the linker, so it seems too fragile.
For now we support 6 init stages :
- STG_PREPARE : preset variables, tables and list heads
- STG_LOCK : initialize spinlocks and rwlocks
- STG_ALLOC : allocate the required structures
- STG_POOL : create pools
- STG_REGISTER : register static lists (keywords etc)
- STG_INIT : subsystems normal initialization
These ones are declared directly in the files where they are needed
using one of the INITCALL* macros, passing 0 to 3 pointers as
arguments.
The API should possibly be extended to support a return value to give
a status to the caller, and to support a unified API, possibly a bit
more flexibility in the arguments. In this case it might make sense to
support a set of macros to register functions having a different API
and to pass the function type in the initcall itself.
Special thanks to Olivier for showing how to scan sections as this is
not something particularly well documented and exactly what I've been
missing to achieve this.
Willy Tarreau [Mon, 26 Nov 2018 18:41:40 +0000 (19:41 +0100)]
BUILD: buffers: buf.h requires unistd to get ssize_t on libmusl
Building with musl and gcc-5.3 for MIPS returns this :
include/common/buf.h: In function 'b_dist':
include/common/buf.h:252:2: error: unknown type name 'ssize_t'
ssize_t dist = to - from;
^
Including stdint or stddef is not sufficient there to get ssize_t,
unistd is needed as well. It's likely that other platforms will have
the same issue. This patch also addresses it in ist.h and memory.h.
Willy Tarreau [Mon, 26 Nov 2018 18:35:30 +0000 (19:35 +0100)]
BUILD: htx: fix fprintf format inconsistency on 32-bit platforms
Building on 32 bits gives this :
include/proto/htx.h: In function 'htx_dump':
include/proto/htx.h:443:25: warning: format '%lu' expects argument of type 'long unsigned int', but argument 8 has type 'uint64_t {aka long long unsigned int}' [-Wformat=]
fprintf(stderr, "htx:%p [ size=%u - data=%u - used=%u - wrap=%s - extra=%lu]\n",
^
In htx_dump(), fprintf() uses %lu but the value is an uint64_t so it
doesn't match on 32-bit. Let's cast this to unsigned long long and use
%llu instead.
We reintroduced some FDs leaking by using a poller and some listeners in
the master.
The master proxy needs to be stopped to avoid leaking its listeners, the
polling loop needs to be deinit, and the thread waker pipe need to be
closed too.
Willy Tarreau [Mon, 26 Nov 2018 13:44:03 +0000 (14:44 +0100)]
MINOR: compression: always create the compression pool
Surprisingly, the compression pool was created at runtime on first use,
which is not very convenient, has performance and reliability impacts,
and even makes monitoring less easy. Let's move the pool creation at
startup time instead. This even removes the need for the spinlock in
case USE_ZLIB is not defined.
Willy Tarreau [Mon, 26 Nov 2018 09:24:45 +0000 (10:24 +0100)]
BUILD: compression: fix build error with DEFAULT_MAXZLIBMEM
The tune.maxzlibmem setting was moved with commit 368780334 ("MEDIUM:
compression: move the zlib-specific stuff from global.h to compression.c")
but the preset value using DEFAULT_MAXZLIBMEM was incorrectly moved :
- the field is in "global" and not "global.tune"
- the trailing comma instead of semi-colon will make it either zero
(threads enabled), break (threads enabled with debugging), or cast
the memprintf's return pointer to int (threads disabled)
It simply proves that nobody ever used DEFAULT_MAXZLIBMEM since 1.8!
Lukas Tribus [Sun, 25 Nov 2018 12:21:27 +0000 (13:21 +0100)]
BUILD/MINOR: ssl: fix build with non-alpn/non-npn libssl
In commit c7566001 ("MINOR: server: Add "alpn" and "npn" keywords") and
commit 201b9f4e ("MAJOR: connections: Defer mux creation for outgoing
connection if alpn is set"), the build was broken on older OpenSSL
releases.
Move the #ifdef's around so that we build again with older OpenSSL
releases (0.9.8 was tested).
Willy Tarreau [Sun, 25 Nov 2018 08:16:46 +0000 (09:16 +0100)]
[RELEASE] Released version 1.9-dev8
Released version 1.9-dev8 with the following main changes :
- REORG: config: extract the global section parser into cfgparse-global
- REORG: config: extract the proxy parser into cfgparse-listen.c
- BUILD: update the list of supported targets and compilers in makefile and readme
- BUILD: reorder the objects in the makefile
- BUILD: Makefile: make "V=1" show some of the commands that are executed
- BUILD: Makefile: add the quiet mode to a few more targets
- BUILD: Makefile: add "$(Q)" to clean, tags and cscope targets
- BUILD: Makefile: switch to quiet mode by default for CC/LD/AR
- MINOR: cli: format `show proc` to be more readable
- MINOR: cli: displays uptime in `show proc`
- MINOR: cli: show master information in 'show proc'
- BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
- MAJOR: mux-h1: Remove the rxbuf and decode HTTP messages in channel's buffer
- BUG/MINOR: mux-h1: Enable keep-alive on server side
- BUG/MEDIUM: mux-h1: Fix freeze when the kernel splicing is used
- BUG/MEDIUM: mux-h1: Don't set the flag CS_FL_RCV_MORE when nothing was parsed
- BUG/MINOR: stats/htx: Remove channel's output when the request is eaten
- BUG/MINOR: proto_htx: Fix request/response synchronisation on error
- MINOR: stream-int: Notify caller when an error is reported after a rcv_pipe()
- MINOR: stream-int: Notify caller when an error is reported after a rcv_buf()
- BUG/MINOR: stream-int: Don't call snd_buf() if there are still data in the pipe
- MINOR: stream-int: remove useless checks on CS and conn flags in si_cs_send()
- BUG/MINOR: config: Be aware of the HTX during the check of mux protocols
- BUG/MINOR: mux-htx: Fix bad test on h1c flags in h1_recv_allowed()
- MEDIUM: mworker: wait mode use standard init code path
- MINOR: log: introduce ha_notice()
- MINOR: mworker: use ha_notice to announce a new worker
- BUG/MEDIUM: http_fetch: Make sure name is initialized before http_find_header.
- MINOR: cli: add mworker_accept_wrapper to 'show fd'
- MEDIUM: signal: signal_unregister() removes every handlers
- BUG/MEDIUM: mworker: unregister the signals of main()
- MINOR: cli: add a few missing includes in proto/cli.h
- REORG: time/activity: move activity measurements to activity.{c,h}
- MINOR: activity: report the average loop time in "show activity"
- MINOR: activity: add configuration and CLI support for "profiling.tasks"
- MEDIUM: tasks: collect per-task CPU time and latency
- MINOR: sample: add cpu_calls, cpu_ns_avg, cpu_ns_tot, lat_ns_avg, lat_ns_tot
- MINOR: cli/activity: rename the stolen CPU time fields to mention milliseconds
- BUG/MINOR: cli: Fix memory leak
- BUG/MINOR: mworker: fix FD leak and memory leak in error path
- MINOR: poller: move the call of tv_update_date() back to the pollers
- MINOR: polling: add an option to support busy polling
- MINOR: server: Add "alpn" and "npn" keywords.
- MEDIUM: connection: Don't bother reactivating polling after connection retry.
- MAJOR: connections: Defer mux creation for outgoing connection if alpn is set.
- MEDIUM: ssl: Add ssl_bc_alpn and ssl_bc_npn sample fetches.
- MINOR: servers: Free [idle|safe|priv]_conns on exit.
- REGTEST: add the option to test only a specific set of files
- REGTEST: add a test for connections to a "dispatch" address
- BUG/MEDIUM: connections: Don't reset the conn flags in *connect_server().
- MINOR: server: Only defined conn_complete_server if USE_OPENSSL is set.
- BUG/MEDIUM: servers: Don't check if we have a conn_stream too soon.
- BUG/MEDIUM: sessions: Set sess->origin to NULL if the origin was destroyed.
- MEDIUM: servers: Store the connection in the SI until we have a mux.
- BUG/MEDIUM: h2: wake the processing task up after demuxing
- BUG/MEDIUM: h2: restart demuxing after releasing buffer space
Willy Tarreau [Sun, 25 Nov 2018 07:03:32 +0000 (08:03 +0100)]
BUG/MEDIUM: h2: restart demuxing after releasing buffer space
Since the connection changes in 1.9, some breakage happened to the H2 mux
whose initial design was heavily relying on the fact that connection-level
functions were woken up after data were transferred to the stream layer.
We need to wake the demux up after receiving such data if the demux is
blocked. This at least allows to receive POSTs again. One issue remains,
it looks like the end of the uploaded data is silently discarded if the
server responds before the end of the transfer (H2 in half-closed(local)
state), which doesn't happen with 1.8.14 and nghttp as the client.
Willy Tarreau [Sun, 25 Nov 2018 07:45:16 +0000 (08:45 +0100)]
BUG/MEDIUM: h2: wake the processing task up after demuxing
After the changes to the connection layer in 1.9, some wake up calls
need to be introduced to re-activate reading from the connection. One
such place is at the end of h2_process_demux(), otherwise processing
of input data stops after a few frames.
Olivier Houchard [Fri, 23 Nov 2018 16:07:04 +0000 (17:07 +0100)]
MEDIUM: servers: Store the connection in the SI until we have a mux.
When we create a connection, if we have to defer the conn_stream and the
mux creation until we can decide it (ie until the SSL handshake is done, and
the ALPN is decided), store the connection in the stream_interface, so that
we're sure we can destroy it if needed.
Olivier Houchard [Fri, 23 Nov 2018 13:50:47 +0000 (14:50 +0100)]
BUG/MEDIUM: sessions: Set sess->origin to NULL if the origin was destroyed.
When ending a stream, if the origin is an appctx, the appctx will have been
destroyed already, but it does not destroy the session. So later, when we
try to destroy the session, we try to dereference sess->origin and die
trying.
Fix this by explicitely setting sess->origin to NULL before calling
session_free().
Olivier Houchard [Fri, 23 Nov 2018 13:32:08 +0000 (14:32 +0100)]
BUG/MEDIUM: servers: Don't check if we have a conn_stream too soon.
The creation of the conn_stream for an outgoing connection has been delayed
a bit, and when using dispatch, a check was made to see if a conn_stream
was attached before the conn_stream was created, so remove the test, as
it's done later anyway, and create and install the conn_stream right away
when we don't have a server, as is done when we don't have an alpn/npn
defined.
Olivier Houchard [Fri, 23 Nov 2018 13:23:07 +0000 (14:23 +0100)]
BUG/MEDIUM: connections: Don't reset the conn flags in *connect_server().
In the various connect_server() functions, don't reset the connection flags,
as some may have been set before. The flags are initialized in conn_init(),
anyway.
Willy Tarreau [Fri, 23 Nov 2018 07:29:15 +0000 (08:29 +0100)]
REGTEST: add the option to test only a specific set of files
It currently is quite difficult to re-reun a specific test after an
error occurs. This patch adds a REG_TEST_FILES variable to the makefile,
which will be used to override the find operation. This helps focusing
on a specific file, which is essential during bisect to figure what
commit introduced a specific regression. Multiple files may be tested,
the return code will indicate the number of failed tests.
Olivier Houchard [Tue, 20 Nov 2018 23:16:29 +0000 (00:16 +0100)]
MAJOR: connections: Defer mux creation for outgoing connection if alpn is set.
If an ALPN (or a NPN) was chosen for a server, defer choosing the mux until
after the SSL handshake is done, and the ALPN/NPN has been negociated, so
that we know which mux to pick.
Olivier Houchard [Tue, 20 Nov 2018 23:16:45 +0000 (00:16 +0100)]
MEDIUM: connection: Don't bother reactivating polling after connection retry.
As we now will no longer try tro subscribe to recv/send events before the
connection is established, there's no need to reactivate polling on the fd
when retrying connection. It will be activated later on subscribe.
Willy Tarreau [Thu, 22 Nov 2018 17:07:59 +0000 (18:07 +0100)]
MINOR: polling: add an option to support busy polling
In some situations, especially when dealing with low latency on processors
supporting a variable frequency or when running inside virtual machines,
each time the process waits for an I/O using the poller, the processor
goes back to sleep or is offered to another VM for a long time, and it
causes excessively high latencies.
A solution to this provided by this patch is to enable busy polling using
a global option. When busy polling is enabled, the pollers never sleep and
loop over themselves waiting for an I/O event to happen or for a timeout
to occur. On multi-processor machines it can significantly overheat the
processor but it usually results in much lower latencies.
A typical test consisting in injecting traffic over a single connection at
a time over the loopback shows a bump from 4640 to 8540 connections per
second on forwarded connections, indicating a latency reduction of 98
microseconds for each connection, and a bump from 12500 to 21250 for
locally terminated connections (redirects), indicating a reduction of
33 microseconds.
It is only usable with epoll and kqueue because select() and poll()'s
API is not convenient for such usages, and the level of performance they
are used in doesn't benefit from this anyway.
The option, which obviously remains disabled by default, can be turned
on using "busy-polling" in the global section, and turned off later
using "no busy-polling". Its status is reported in "show info" to help
troubleshooting suspicious CPU spikes.
BUG/MINOR: mworker: fix FD leak and memory leak in error path
Fix some memory leak and a FD leak in the error path of the master proxy
initialisation. It's a really minor issue since the process is exiting
when taking those error paths.
Tim Duesterhus [Thu, 22 Nov 2018 15:46:50 +0000 (16:46 +0100)]
BUG/MINOR: cli: Fix memory leak
Valgrind's memcheck reports memory leaks in cli.c, because
the out parameter of memprintf is not properly freed:
==31035== 11 bytes in 1 blocks are definitely lost in loss record 16 of 101
==31035== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31035== by 0x4C2FDEF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31035== by 0x4A3C72: my_realloc2 (standard.h:1364)
==31035== by 0x4A3C72: memvprintf (standard.c:3459)
==31035== by 0x4A3D93: memprintf (standard.c:3482)
==31035== by 0x4AF77E: mworker_cli_sockpair_new (cli.c:2324)
==31035== by 0x48E826: init (haproxy.c:1749)
==31035== by 0x408BBC: main (haproxy.c:2725)
==31035==
==31035== 11 bytes in 1 blocks are definitely lost in loss record 17 of 101
==31035== at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31035== by 0x4C2FDEF: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==31035== by 0x4A3C72: my_realloc2 (standard.h:1364)
==31035== by 0x4A3C72: memvprintf (standard.c:3459)
==31035== by 0x4A3D93: memprintf (standard.c:3482)
==31035== by 0x4AF071: mworker_cli_proxy_create (cli.c:2172)
==31035== by 0x48EC89: init (haproxy.c:1760)
==31035== by 0x408BBC: main (haproxy.c:2725)
Willy Tarreau [Thu, 22 Nov 2018 15:13:17 +0000 (16:13 +0100)]
MINOR: cli/activity: rename the stolen CPU time fields to mention milliseconds
The "cpust_{tot,1s,15s}" fields used to report milliseconds but nothing
in the value's title made this explicit. Let's rename the field to report
"cpust_ms_{tot,1s,15s}" to more easily remind that the unit represents
milliseconds.
These sample fetch keywords report performance metrics about the task calling
them. They are useful to report in logs which requests consume too much CPU
time and what negative performane impact it has on other requests. Typically
logging cpu_ns_avg and lat_ns_avg will show culprits and victims.
Willy Tarreau [Thu, 31 May 2018 12:48:54 +0000 (14:48 +0200)]
MEDIUM: tasks: collect per-task CPU time and latency
Right now we measure for each task the cumulated time spent waiting for
the CPU and using it. The timestamp uses a 64-bit integer to report a
nanosecond-level date. This is only enabled when "profiling.tasks" is
enabled, and consumes less than 1% extra CPU on x86_64 when enabled.
The cumulated processing time and wait time are reported in "show sess".
The task's counters are also reset when an HTTP transaction is reset
since the HTTP part pretends to restart on a fresh new stream. This
will make sure we always report correct numbers for each request in
the logs.
Willy Tarreau [Thu, 22 Nov 2018 10:02:09 +0000 (11:02 +0100)]
MINOR: activity: add configuration and CLI support for "profiling.tasks"
This is a new global setting which enables or disables CPU profiling
per task. For now it only sets/resets the variable based on the global
option "profiling.tasks" and supports showing it as well as setting it
from the CLI using "show profiling" and "set profiling". The option will
be used by a future commit. It was done in a way which should ease future
addition of profiling options.
Willy Tarreau [Thu, 22 Nov 2018 07:42:42 +0000 (08:42 +0100)]
MINOR: activity: report the average loop time in "show activity"
Since we know the time it takes to process everything between two poll()
calls, we can use this as the max latency measurement any task will
experience and average it.
This code does this, and reports in "show activity" the average of this
loop time over the last 1024 poll() loops, for each thread. It will vary
quickly at high loads and slowly under low to moderate loads, depending
on the rate at which poll() is called. The latency a task experiences
is expected to be half of this on average.
Willy Tarreau [Thu, 22 Nov 2018 07:31:09 +0000 (08:31 +0100)]
REORG: time/activity: move activity measurements to activity.{c,h}
At the moment the situation with activity measurement is quite tricky
because the struct activity is defined in global.h and declared in
haproxy.c, with operations made in time.h and relying on freq_ctr
which are defined in freq_ctr.h which itself includes time.h. It's
barely possible to touch any of these files without breaking all the
circular dependency.
Let's move all this stuff to activity.{c,h} and be done with it. The
measurement of active and stolen time is now done in a dedicated
function called just after tv_before_poll() instead of mixing the two,
which used to be a lazy (but convenient) decision.
Willy Tarreau [Thu, 22 Nov 2018 10:45:04 +0000 (11:45 +0100)]
MINOR: cli: add a few missing includes in proto/cli.h
Just found that proto/cli.h doesn't build if types/cli.h is not also
included by the caller, as it uses cli_kw_list is used in arguments.
But it's also true for a few other ones like mworker_proc, stream,
and channel, so let's fix this.
BUG/MEDIUM: mworker: unregister the signals of main()
The signal_register_fct() does not remove the handlers assigned to a
signal, but add a new handler to a list.
We accidentality inherited the handlers of the main() function in the
master process which is a problem because they act on the proxies.
The side effect was to stop the MASTER proxy which handle the master CLI
on a SIGUSR1, and to display some debug info when doing a SIGHUP and a
SIGQUIT.
MEDIUM: signal: signal_unregister() removes every handlers
The new function signal_unregister() removes every handlers assigned to
a signal. Once the handler list of the signal is empty, the signal is
ignored with SIG_IGN.
MINOR: cli: add mworker_accept_wrapper to 'show fd'
In the output of 'show fd', the worker CLI's socketpair was still
handled by an "unknown" function. That can be really confusing during
debug. Fixed it by showing "mworker_accept_wrapper" instead.
MEDIUM: mworker: wait mode use standard init code path
The mworker waitpid mode (which is used when a reload failed to apply
the new configuration) was still using a specific initialisation path.
That's a problem since we use a polling loop in the master now, the
master proxy is not initialized and the master CLI is not activated.
This patch removes the initialisation code of the wait mode and
introduce the MODE_MWORKER_WAIT in order to use the same init path as
the MODE_MWORKER with some exceptions. It allows to use the master proxy
and the master CLI during the waitpid mode.
BUG/MINOR: config: Be aware of the HTX during the check of mux protocols
Because the HTX is still experimental, we must add special cases during the
configuration check to be sure it is not enabled on a proxy with incompatible
options. Here, for HTX proxies, when a mux protocol is specified on a bind line
or a server line, we must force the HTX mode (PROTO_MODE_HTX).
Concretely, H2 is the only mux protocol that can be forced. And it doesn't yet
support the HTX. So forcing the H2 on an HTX proxy will always fail.
MINOR: stream-int: remove useless checks on CS and conn flags in si_cs_send()
In si_cs_send(), some checks are done the CS flags en the connection flags
before calling snd_buf(). But these checks are useless because they have already
been done earlier in the function. The harder to figure out is the flag
CO_FL_SOCK_WR_SH. So it is now tested with CF_SHUTW at the beginning.
BUG/MINOR: stream-int: Don't call snd_buf() if there are still data in the pipe
In si_cs_send, as said in comments, snd_buf() should only be called if there is
no data in the pipe anymore. But actually, this condition was not respected.
MINOR: stream-int: Notify caller when an error is reported after a rcv_buf()
For the same reason than for the commit b46784b1c ("MINOR: stream-int: Notify
caller when an error is reported after a rcv_pipe()"), we return 1 after the
call to rcv_buf() in si_cs_send() to notify the caller some processing may be
triggered.
This patch is not flagged as a bug because no strange behaviour was yet observed
without it. It is just a proactive fix to be consistent.
MINOR: stream-int: Notify caller when an error is reported after a rcv_pipe()
In si_cs_send(), when an error is found on the CS or the connection at the
beginning of the function, we return 1 to notify the caller some processing may
be triggered. So, it seems logical to do the same after the call to rcv_pipe().
This patch is not flagged as a bug because no strange behaviour was yet observed
without it. It is just a proactive fix to be consistent.
BUG/MINOR: stats/htx: Remove channel's output when the request is eaten
The request is eaten when the stats applet have finished to send its
response. It was removed from the channel's buffer, removing all HTX blocks till
the EOM. But the channel's output was not reset, leaving the request channel in
an undefined state.
BUG/MEDIUM: mux-h1: Don't set the flag CS_FL_RCV_MORE when nothing was parsed
When we start to parse a new message, if all headers have not been received,
nothing is copied in the channel's buffer. In this situation, we must not set
the flag CS_FL_RCV_MORE on the conn-stream. If we do so, the connection freezes
because there is no data to send that can reenable the reads
BUG/MEDIUM: mux-h1: Fix freeze when the kernel splicing is used
First of all, we need to be sure to keep the flag H1S_F_BUF_FLUSH on the H1S
reading data until all data was flushed from the buffer. Then we need to know
when the kernel splicing is in use and when it ends. This is handled with the
new flag H1S_F_SPLICED_DATA.
Then, we must subscribe to send when some data remain in the pipe after a
snd_pipe(). It is mandatory to wakeup the stream and avoid a freeze.
Finally, we must be sure to update the message state when we restart to use the
channel's buffer. Among other things, it is mandatory to swith the message from
DATA to DONE state when all data were sent using the kernel splicing.
BUG/MINOR: mux-h1: Enable keep-alive on server side
Don't force the close on server side anymore. Since commit 7c6f8b146 ("MAJOR:
connections: Detach connections from streams"), it is possible to release a
stream without the underlying connection.
Because of this change, we must be sure to create a new stream to handle the
next HTTP transaction only on the client side. And we must be sure to correctly
handle the read0 event in h1_recv, to be sure to call h1_process().
MAJOR: mux-h1: Remove the rxbuf and decode HTTP messages in channel's buffer
It avoids a copy between the rxbuf and the channel's buffer. It means the
parsing is done in h1_rcv_buf(). So we need to have a stream to start the
parsing. This change should improve the overall performances. It also implies a
better split between the connection layer and the applicative layer. Now, on the
connection layer, only raw data are manipulated. Raw data received from the
socket are stored in ibuf and those sent are get from obuf. On the applicative
layer, data in ibuf are parsed and copied into the channel's buffer. And on the
other side, those structured data are formatted and copied into obuf.
Willy Tarreau [Tue, 20 Nov 2018 03:47:38 +0000 (04:47 +0100)]
BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
James Brown reported that when an "accept-ranges" header field is sent
through haproxy and converted from HTTP/1.1 to H2, it's mis-encoded as
"accept-language". It happens that it's one of the few very common header
fields encoded using its index value and that this index value was misread
in the spec as 17 instead of 18, resulting in the wrong name being sent.
Thanks to Lukas for spotting the issue in the HPACK encoder itself.
projects / thirdparty / haproxy.git / log
