Thierry FOURNIER [Mon, 10 Aug 2015 15:53:45 +0000 (17:53 +0200)]
MAJOR: stick-tables: use sample types in place of dedicated types
This patch is the first step for sample integration. Actually
the stick tables uses her own data type, and some converters
must be called to convert sample type to stick-tables types.
This patch removes the stick-table types and replace it by
the sample types. This prevent:
- Maintenance of two types of converters
- reduce the code using the samples converters
Now the prototype for each action from each section are the same, and
a discriminant for determining for each section we are called are added.
So, this patch removes the wrappers for the action functions called from
more than one section.
Thierry FOURNIER [Wed, 19 Aug 2015 07:04:15 +0000 (09:04 +0200)]
MEDIUM: actions: Normalize the return code of the configuration parsers
This patch normalize the return code of the configuration parsers. Before
these changes, the tcp action parser returned -1 if fail and 0 for the
succes. The http action returned 0 if fail and 1 if succes.
The normalisation does:
- ACT_RET_PRS_OK for succes
- ACT_RET_PRS_ERR for failure
This patch merges the conguration keyword struct. Each declared configuration
keyword struct are similar with the others. This patch simplify the code.
MEDIUM: actions: Add standard return code for the action API
Action function can return 3 status:
- error if the action encounter fatal error (like out of memory)
- yield if the action must terminate his work later
- continue in other cases
For performances considerations, some actions are not processed by remote
function. They are directly processed by the function. Some of these actions
does the same things but for different processing part (request / response).
This patch give the same name for the same actions, and change the normalization
of the other actions names.
This patch is ONLY a rename, it doesn't modify the code.
MINOR: actions: Declare all the embedded actions in the same header file
This patch group the action name in one file. Some action are called
many times and need an action embedded in the action caller. The main
goal is to have only one header file grouping all definitions.
MINOR: actions: remove the mark indicating the last entry in enum
This mark permit to detect if the action tag is over the allowed range.
- Normally, this case doesn't appear
- If it appears, it is processed by ded fault case of the switch
MINOR: proto_http: use an "expr" type in place of generic opaque type.
This patch removes the generic opaque type for storing the configuration of the
acion "set-src" (HTTP_REQ_ACT_SET_SRC), and use the dedicated type "struct expr"
MINOR: vars: use the vars types as argument in place of opaque type
The (http|tcp)-(request|response) action rules use common
opaque type. For the HAProxy embbedded feature, types are know,
it better to add this types in the action union and use it.
MINOR: lua: use the hlua_rule type in place of opaque type
The (http|tcp)-(request|response) action rules use common
opaque type. For the HAProxy embbedded feature, types are know,
it better to add this types in the action union and use it.
This patch is the first of a serie which merge all the action structs. The
function "tcp-request content", "tcp-response-content", "http-request" and
"http-response" have the same values and the same process for some defined
actions, but the struct and the prototype of the declared function are
different.
Thierry FOURNIER [Wed, 19 Aug 2015 07:05:25 +0000 (09:05 +0200)]
MEDIUM: pattern/map: Maps can returns various types
A map can store and return various types as output. The only one example is the
IPv4 and IPv6 types. The previous patch remove the type from the sample storage
struct and use the conoverter output type, expecting that all entries of the
map have the same type.
This will be wrong when the maps will support both IPv4 and IPv6 as output.
Thierry FOURNIER [Wed, 19 Aug 2015 07:02:36 +0000 (09:02 +0200)]
MINOR: samples: data assignation simplification
With the difference between the "struct sample" data and the
"struct sample_storage" data, it was not possible to write
data = data, and we did a memcpy. This patch remove some of
these memcpy.
Thierry FOURNIER [Thu, 20 Aug 2015 11:42:12 +0000 (13:42 +0200)]
MEDIUM: 51degrees: Adapt the 51Degrees library
I can't test this patch because the avalaible 51degrees library is
"51Degrees-C-3.1.5.2" and HAProxy obviously build with another version
(some defines and symbols disappear).
Thierry FOURNIER [Wed, 19 Aug 2015 07:07:19 +0000 (09:07 +0200)]
MINOR: samples: rename union from "data" to "u"
The union name "data" is a little bit heavy while we read the source
code because we can read "data.data.sint". The rename from "data" to "u"
makes the read easiest like "data.u.sint".
Thierry FOURNIER [Thu, 20 Aug 2015 11:52:51 +0000 (13:52 +0200)]
MINOR: samples: extract the anonymous union and create the union sample_value
This extract is not really required, but it maybe will be usefull later.
A comming soonpatch about simplification of stick table values will
use this union
Thierry FOURNIER [Wed, 19 Aug 2015 07:00:18 +0000 (09:00 +0200)]
MEDIUM: samples: Use the "struct sample_data" in the "struct sample"
This patch remove the struct information stored both in the struct
sample_data and in the striuct sample. Now, only thestruct sample_data
contains data, and the struct sample use the struct sample_data for storing
his own data.
Willy Tarreau [Tue, 18 Aug 2015 19:51:36 +0000 (21:51 +0200)]
DOC: add new file intro.txt
This is an introduction to present HAProxy. The aim is to get rid of the
totally obsolete haproxy-en and haproxy-fr files. This file references
another one which is not there yet and which should cover the remaining
part of these obsolete files, which is how to manage the process. The
format is the same as the other docs so it should integrate seamlessly
to existing docs.
Willy Tarreau [Tue, 18 Aug 2015 15:15:20 +0000 (17:15 +0200)]
BUG/MEDIUM: counters: ensure that src_{inc,clr}_gpc0 creates a missing entry
During 1.5-dev20 there was some code refactoring to make the src_* fetch
function use the same code as sc_*. Unfortunately this introduced a
regression where src_* doesn't create an entry anymore if it does not
exist in the table. The reason is that smp_fetch_sc_stkctr() only calls
stktable_lookup_key() while src_inc_*/src_clr_* used to make use of
stktable_update_key() which additionally create the entry if it does
not exist.
There's no point modifying the common function for these two exceptions,
so instead we now have a function dedicated to the creation of this entry
for src_* only. It is called when the entry didn't exist, so that requires
minimal modifications to existing code.
Thanks to Thierry Fournier for helping diagnose the issue.
Thierry FOURNIER [Mon, 17 Aug 2015 16:38:24 +0000 (18:38 +0200)]
BUG/MEDIUM: vars: segfault during the configuration parsing
This bug is introduced by the patch 48a9cd104d07919fdd941b36e9f927a20d55edd3
"MINOR: vars: reduce the code size of some wrappers". A dereferencement was
removed.
Baptiste Assmann [Mon, 17 Aug 2015 12:25:02 +0000 (14:25 +0200)]
MINOR: server SRV_ADMF_CMAINT flag doesn't imply SRV_ADMF_FMAINT
The newly created server flag SRV_ADMF_CMAINT means that the server is
in 'disabled' mode because of configuration statement 'disabled'.
The flag SRV_ADMF_FMAINT should not be set anymore in such case and is
reserved only when the server is Forced in maintenance mode from the
stats socket.
Thierry FOURNIER [Sun, 16 Aug 2015 10:03:39 +0000 (12:03 +0200)]
BUG/MEDIUM: stream: The stream doen't inherit SC from the session
During the processing of tcp-request connection, the stream doesn't exists, so the
stick counters are stored in the session. When the stream is created it must
inherit from the session sc.
MEDIUM: cli: rely on the map's output type instead of the sample type
Next patch will remove sample_storage->type, and the only user is the
"show map" feature on the CLI which can use the map's output type instead.
Let's do that first.
MINOR: sample: Add ipv6 to ipv4 and sint to ipv6 casts
The RFC4291 says that when the IPv6 adress have the followin form:
0000::ffff:a.b.c.d, if can be converted to an IPv4 adress. This patch
enable this conversion in casts.
As the sint can be casted as ipv4, and ipv4 can be casted as ipv6, we
can directly cast sint as ipv6 using the RFC4291.
MINOR: Move http method enum from proto_http to sample
This is useful to prevent cross includes. The header file sample.h
needs to include proto_http, stick_tables.h will need to include
sample.h and proto_http includes stick_tables.h.
I choose to move the known http method define because this enum is
mainly used in sample.h. This enum is used for the sample type method.
MINOR: vars: reduce the code size of some wrappers
Some function are just a wrappers. This patch reduce the size of
this wrapper for improving the readability. One check is moved
from the wrapper to the main function, and some middle vars are
removed.
Willy Tarreau [Tue, 11 Aug 2015 09:36:45 +0000 (11:36 +0200)]
MEDIUM: config: emit a warning on a frontend without listener
Commit c6678e2 ("MEDIUM: config: authorize frontend and listen without bind")
completely removed the test for bind lines in frontends in order to make it
easier for automated tools to generate configs (eg: replacing a bind with
another one passing via a temporary config without any bind line). The
problem is that some common mistakes are totally hidden now. For example,
this apparently valid entry is silently ignored :
listen 1.2.3.4:8000
server s1 127.0.0.1:8000
Hint: 1.2.3.4:8000 is mistakenly the proxy name here.
Thus instead we now emit a warning to indicate that a frontend was found
with no listener. This should be backported to 1.5 to help spot abnormal
configurations.
Willy Tarreau [Mon, 10 Aug 2015 16:59:40 +0000 (18:59 +0200)]
MAJOR: http: remove references to appsession
appsessions started to be deprecated with the introduction of stick
tables, and the latter are much more powerful and flexible, and in
addition they are replicated between nodes and maintained across
reloads. Let's now remove appsession completely.
core.register_task(function()
while true do
core.Alert("LOLOLOLOLOL")
end
end)
I'd always get a timeout error starting the registered function.
The problem lies as far as I can tell in the fact that is possible for
now_ms to not change (is this maybe a problem on my config/system?)
until the expiration check happens, in the resume function that
actually kickstarts the lua task, making HAProxy think that expiration
time for the task is up, if I understand correctly tasks are meant to
never really timeout.
BUG/MEDIUM: DNS resolution response parsing broken
In some cases, parsing of the DNS response is broken and the response is
considered as invalid, despite being valid.
The current patch fixes this issue. It's a temporary solution until I
rework the response parsing to store the response buffer into a real DNS
packet structure.
Dragan Dosen [Fri, 7 Aug 2015 14:41:23 +0000 (16:41 +0200)]
MINOR: 51d: unable to start haproxy without "51degrees-data-file"
This patch adds a few checks on "global._51degrees.data_file_path" and allows
haproxy to start even when the pattern or trie data file is not specified.
If the "51d" converter is used, a new function "_51d_conv_check" will check
"global._51degrees.data_file_path" and displays a warning if necessary.
In src/haproxy.c, the global 51Degrees "cache_size" has moved outside of the
FIFTYONEDEGREES_H_PATTERN_INCLUDED ifdef block.
Willy Tarreau [Wed, 5 Aug 2015 15:16:33 +0000 (17:16 +0200)]
MEDIUM: backend: add the "http-reuse aggressive" strategy
This strategy is less extreme than "always", it only dispatches first
requests to validated reused connections, and moves a connection from
the idle list to the safe list once it has seen a second request, thus
proving that it could be reused.
Willy Tarreau [Wed, 5 Aug 2015 14:35:23 +0000 (16:35 +0200)]
MINOR: server: add a list of safe, already reused idle connections
These ones are considered safe as they have already been reused.
They will be useful in "aggressive" and "always" http-reuse modes
in order to place the first request of a connection with the least
risk.
Willy Tarreau [Wed, 5 Aug 2015 14:02:46 +0000 (16:02 +0200)]
MEDIUM: backend: implement "http-reuse safe"
The "safe" mode consists in picking existing connections only when
processing a request that's not the first one from a connection. This
ensures that in case where the server finally times out and closes, the
client can decide to replay idempotent requests.
Willy Tarreau [Thu, 6 Aug 2015 09:37:10 +0000 (11:37 +0200)]
MAJOR: backend: improve the connection reuse mechanism
Now instead of closing the existing connection attached to the
stream interface, we first check if the one we pick was attached to
another stream interface, in which case the connections are swapped
if possible (eg: if the current connection is not private). That way
the previous connection remains attached to an existing session and
significantly increases the chances of being reused.
Willy Tarreau [Tue, 4 Aug 2015 18:45:52 +0000 (20:45 +0200)]
MAJOR: backend: initial work towards connection reuse
In connect_server(), if we don't have a connection attached to the
stream-int, we first look into the server's idle_conns list and we
pick the first one there, we detach it from its owner if it had one.
If we used to have a connection, we close it.
This mechanism works well but doesn't scale : as servers increase,
the likeliness that the connection attached to the stream interface
doesn't match the server and gets closed increases.
Willy Tarreau [Wed, 5 Aug 2015 12:12:31 +0000 (14:12 +0200)]
MINOR: config: add new setting "http-reuse"
For now it only supports "never", meaning that we never want to reuse a
shared connection, and "always", meaning that we can use any connection
that was not marked private. When "never" is set, this also implies that
no idle connection may become a shared one.
Willy Tarreau [Tue, 4 Aug 2015 17:24:13 +0000 (19:24 +0200)]
MINOR: connection: add a new flag CO_FL_PRIVATE
This flag is set on an outgoing connection when this connection gets
some properties that must not be shared with other connections, such
as dynamic transparent source binding, SNI or a proxy protocol header,
or an authentication challenge from the server. This will be needed
later to implement connection reuse.
Willy Tarreau [Wed, 5 Aug 2015 09:08:30 +0000 (11:08 +0200)]
MINOR: stream-int: make si_idle_conn() only accept valid connections
This function is now dedicated to idle connections only, which means
that it must not be used without any endpoint nor anything not a
connection. The connection remains attached to the stream interface.
Willy Tarreau [Tue, 4 Aug 2015 15:25:58 +0000 (17:25 +0200)]
MINOR: connection: add a new list member in the connection struct
This list member will be used to attach a connection to a list of
idle, reusable or queued connections. It's unused for now. Given
that it's not expected to be used more than a few times per session,
the member was put after the target, in the area starting at the
second cache line of the structure.
Willy Tarreau [Tue, 4 Aug 2015 15:19:06 +0000 (17:19 +0200)]
MINOR: server: add a list of private idle connections
For now it's not populated but we have the list entry. It will carry
all idle connections that sessions don't want to share. They may be
used later to reclaim connections upon socket shortage for example.
Willy Tarreau [Tue, 4 Aug 2015 18:44:05 +0000 (20:44 +0200)]
MINOR: stream-int: add new function si_detach_endpoint()
This function only detaches the endpoint from the stream-int and
optionally returns the original pointer. This will be needed to
steal idle connections from other connections.
Willy Tarreau [Wed, 5 Aug 2015 19:47:23 +0000 (21:47 +0200)]
MEDIUM: stream-int: simplify si_alloc_conn()
Since we now always call this function with the reuse parameter cleared,
let's simplify the function's logic as it cannot return the existing
connection anymore. The savings on this inline function are appreciable
(240 bytes) :
$ size haproxy.old haproxy.new
text data bss dec hex filename 1020383 40816 36928 1098127 10c18f haproxy.old 1020143 40816 36928 1097887 10c09f haproxy.new
Willy Tarreau [Tue, 4 Aug 2015 17:45:36 +0000 (19:45 +0200)]
MEDIUM: backend: don't call si_alloc_conn() when we reuse a valid connection
connect_server() already does most of the check that is done again in
si_alloc_conn(), so let's simply reuse the existing connection instead
of calling the function again. It will also simplify the connection
reuse.
Indeed, for reuse to be set, it also requires srv_conn to be valid. In the
end, the only situation where we have to release the existing connection
and allocate a new one is when reuse == 0.
Willy Tarreau [Tue, 4 Aug 2015 17:34:21 +0000 (19:34 +0200)]
CLEANUP: backend: factor out objt_server() in connect_server()
objt_server() is called multiple times at various places while some
places already make use of srv for this. Let's move the call at the
top of the function and use it all over the place.
DOC: resolve-prefer default value and default-server update
By the code, resolve-prefer defaults to IPv6 and is also available in
the default-server directive.
These information were missing or wrong in the documentation.
MINOR: stream: initialize the current_rule field to NULL on stream init
Currently it is possible for the current_rule field to be evaluated before
being set, leading to valgrind complaining:
==16783== Conditional jump or move depends on uninitialised value(s)
==16783== at 0x44E662: http_res_get_intercept_rule (proto_http.c:3730)
==16783== by 0x44E662: http_process_res_common (proto_http.c:6528)
==16783== by 0x4797B7: process_stream (stream.c:1851)
==16783== by 0x414634: process_runnable_tasks (task.c:238)
==16783== by 0x40B02F: run_poll_loop (haproxy.c:1528)
==16783== by 0x407F25: main (haproxy.c:1887)
Vincent Bernat [Thu, 16 Jul 2015 18:52:51 +0000 (20:52 +0200)]
BUILD: link with libdl if needed for Lua support
On platforms where the dl*() functions are not part of the libc, a
program linking Lua also needs to link to libdl.
Moreover, on platforms using a gold linker with the --as-needed flag,
the libdl library needs to be linked after linking Lua, otherwise, it
won't be marked as needed and will be discarded and its symbols won't be
present at the end of the linking phase.
Ubuntu enables the --as-needed flag by default. Other distributions may
advertise its use, like Gentoo.
Released version 1.6-dev3 with the following main changes :
- CLEANUP: sample: generalize sample_fetch_string() as sample_fetch_as_type()
- MEDIUM: http: Add new 'set-src' option to http-request
- DOC usesrc root privileges requirments
- BUG/MINOR: dns: wrong time unit for some DNS default parameters
- MINOR: proxy: bit field for proxy_find_best_match diff status
- MINOR: server: new server flag: SRV_F_FORCED_ID
- MINOR: server: server_find functions: id, name, best_match
- DOC: dns: fix chapters syntax
- BUILD/MINOR: tools: rename popcount to my_popcountl
- BUILD: add netbsd TARGET
- MEDIUM: 51Degrees code refactoring and cleanup
- MEDIUM: 51d: add LRU-based cache on User-Agent string detection
- DOC: add notes about the "51degrees-cache-size" parameter
- BUG/MEDIUM: 51d: possible incorrect operations on smp->data.str.str
- BUG/MAJOR: connection: fix TLV offset calculation for proxy protocol v2 parsing
- MINOR: Add sample fetch to detect Supported Elliptic Curves Extension
- BUG/MINOR: payload: Add volatile flag to smp_fetch_req_ssl_ec_ext
- BUG/MINOR: lua: type error in the arguments wrapper
- CLEANUP: vars: remove unused struct
- BUG/MINOR: http/sample: gmtime/localtime can fail
- MINOR: standard: add 64 bits conversion functions
- MAJOR: sample: converts uint and sint in 64 bits signed integer
- MAJOR: arg: converts uint and sint in sint
- MEDIUM: sample: switch to saturated arithmetic
- MINOR: vars: returns variable content
- MEDIUM: vars/sample: operators can use variables as parameter
- BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id
- BUILD/MINOR: lua: fix a harmless build warning
- BUILD/MINOR: stats: fix build warning due to condition always true
- BUG/MAJOR: lru: fix unconditional call to free due to unexpected semi-colon
- BUG/MEDIUM: logs: fix improper systematic use of quotes with a few tags
- BUILD/MINOR: lua: ensure that hlua_ctx_destroy is properly defined
- BUG/MEDIUM: lru: fix possible memory leak when ->free() is used
- MINOR: vars: make the accounting not depend on the stream
- MEDIUM: vars: move the session variables to the session, not the stream
- BUG/MEDIUM: vars: do not freeze the connection when the expression cannot be fetched
- BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data
- BUG/MAJOR: tcp: tcp rulesets were still broken
- MINOR: stats: improve compression stats reporting
- MINOR: ssl: make self-generated certs also work with raw IPv6 addresses
- CLEANUP: ssl: make ssl_sock_generated_cert_serial() take a const
- CLEANUP: ssl: make ssl_sock_generate_certificate() use ssl_sock_generated_cert_serial()
- BUG/MINOR: log: missing some ARGC_* entries in fmt_directives()
- MINOR: args: add new context for servers
- MINOR: stream: maintain consistence between channel_forward and HTTP forward
- MINOR: ssl: provide ia function to set the SNI extension on a connection
- MEDIUM: ssl: add sni support on the server lines
- CLEANUP: stream: remove a useless call to si_detach()
- CLEANUP: stream-int: fix a few outdated comments about stream_int_register_handler()
- CLEANUP: stream-int: remove stream_int_unregister_handler() and si_detach()
- MINOR: stream-int: only use si_release_endpoint() to release a connection
- MINOR: standard: provide htonll() and ntohll()
- CLEANUP/MINOR: dns: dns_str_to_dn_label() only needs a const char
- BUG/MAJOR: dns: fix the length of the string to be copied
projects / thirdparty / haproxy.git / log
